Security Test: Large JSON input¶
Description¶
Default Severity:
When a system accepts an extremely large JSON input as an argument, it can be tricked into spending too much time or memory processing the data. This is dangerous because attackers could send such huge inputs deliberately, causing the system to slow down, crash, or become unresponsive. Developers often overlook input limits or validations, assuming that inputs will always be well-formed and within reasonable size, making the application vulnerable to denial-of-service attacks. If left unaddressed, the system might suffer from degraded performance or even complete outages, which could lead to service disruptions and further security complications.
Reference:
Configuration¶
Identifier:
resource_limitation/large_json_input
Examples¶
All configuration available:
checks:
resource_limitation/large_json_input:
skip: false # default
options:
skip_objects: # cf. Options below
Options¶
Options can be set in the options key of the Security Test Configuration.
| Property | Type | Default | Description |
|---|---|---|---|
skip_objects | List[string] | List of object that are to be skipped by the security test. |
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API4:2023 |
| OWASP LLM Top 10 | LLM04:2023 |
| PCI DSS | 6.5.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-94 |
| ISO 27001 | A.14.2 |
| NIST | SP800-95 |
| FedRAMP | SI-10 |
| CWE | 20 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C |
| CVSS Score | 5.1 |